EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2017-1065)
According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10...
EulerOS 2.0 SP2 : gstreamer-plugins-good (EulerOS-SA-2017-1063)
According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10....
EulerOS 2.0 SP1 : gstreamer-plugins-good (EulerOS-SA-2017-1062)
According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10....
EulerOS 2.0 SP1 : gstreamer1-plugins-good (EulerOS-SA-2017-1064)
According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in the flxdecodedeltafli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10...
EulerOS 2.0 SP1 : gstreamer1-plugins-bad-free (EulerOS-SA-2017-1008)
According to the versions of the gstreamer1-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format...
EulerOS 2.0 SP2 : gstreamer-plugins-bad-free (EulerOS-SA-2017-1009)
According to the versions of the gstreamer-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format...
EulerOS 2.0 SP2 : gstreamer1-plugins-bad-free (EulerOS-SA-2017-1007)
According to the versions of the gstreamer1-plugins-bad-free package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format...
EulerOS 2.0 SP1 : gstreamer-plugins-bad-free (EulerOS-SA-2017-1010)
According to the versions of the gstreamer-plugins-bad-free packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format...
EulerOS 2.0 SP1 : setroubleshoot, setroubleshoot-plugins (EulerOS-SA-2016-1033)
According to the versions of the setroubleshoot, setroubleshoot-plugins packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache (AVC) messag...
Monitor AWS & GCP Configurations: Security Monkey
Security Monkey is an open source application from Netflix (NetflixOSS) that monitors, alerts on, and reports on one or multiple AWS/GCP accounts for anomalies. Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It...
Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection
The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original researcher...
Gravitate QA Tracker <= 1.2.1 - Unauthenticated PHP Object Injection
The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original...
My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection
The plugin my-geo-posts-free insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. Attack is exploitable over HTTP requests to sites with the my-geo-posts-free Plugin. The original researcher notifi...
Referrer Detector <= 4.2.1.0 - Unauthenticated PHP Object Injection
The plugin referrer-detector insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. PoC Attack is exploitable over HTTP requests to sites...
AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection
The plugin ajax-random-posts insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified WordPress Plugins team. PoC Attack is exploitable over AJAX calls on sites with th...
NextGEN Gallery geo <= 1.0 - Unauthenticated PHP Object Injection
The plugin nextgen-gallery-geo insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. The original researcher notified the WordPress Plugins team. PoC Attack is exploitable over AJAX calls sites with...
openSUSE Security Update : gstreamer-plugins-base (openSUSE-2017-512)
This update for gstreamer-plugins-base fixes the following security issues : - A crafted AVI file could have caused a floating point exception leading to DoS bsc1024076, CVE-2017-5837, bsc1024079, CVE-2017-5844 - A crafted AVI file could have caused a stack overflow leading to DoS bsc1024047,...
e107 Cross-Site Forgery Request Vulnerability
e107 is a free, open source content management system (CMS) based on PHP and MySQL, developed by the e107 team. A cross-site request forgery vulnerability exists in e107 version 2.1.4 in plugin-installing, meta-changing, and settings-changing. A remote attacker can exploit this vulnerability to downlo...
CVE-2017-8098
The CVE-2017-8098 entry describes a cross-site request forgery in e107 2.1.4, enabling a malicious page to induce the application to download and install a plugin via forged requests during plugin-installing, meta-changing, or settings-changing. The affected software is e107 (CMS) version 2.1.4; ...
WordPress: plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (xst), TRACE HTTP method should be disabled
Background: A Cross-Site Tracing (XST) attack involves the use of Cross-site Scripting (XSS) and the TRACE HTTP method. According to RFC 2616, "TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information." XST coul...